  • Bandwidth problem when using openvpn

    Hi!

    I've been using OpenVPN as a client on ClearOS for a couple of years. ClearOS is set up as a gateway for my LAN, but connects as a client to a DigitalOcean VPS in Toronto, so that all my devices are behind a VPN. I also have a Cisco ASA5505 firewall between my internet connection and eth0 of ClearOS.

    Everything was going very well on my 30 Mbit internet connection. Then I decided to upgrade it to 60 Mbit. I noticed that when OpenVPN is connected to the VPS, my speed is limited to 30M (speedtest.net). I ran the speed test on the IP Setting page of ClearOS, then saved the result on eth0, but it is still capped at 30 Mbit.

    To find out where the problem was, I installed OpenVPN on my Arch Linux PC, then put the PC behind the ASA5505, but before ClearOS eth0. With the OpenVPN client on my Arch Linux PC connected to the same VPS, I can reach 60 Mbit on speedtest.net. So the problem is not the ASA and not the DigitalOcean server. It looks like OpenVPN on ClearOS is limiting the bandwidth to 30M.

    Here is a basic overview of the current routing. All my devices go out to the internet from the DigitalOcean IP.

    Internet --> ASA5505 --> Clearos eth0 [ ] Clearos eth1 --> Cisco 48 port gig switch --> All my devices
    |
    |
    Clearos openvpn client --> My Toronto VPS --> DigitalOcean Internet

    Here is the ClearOS openvpn.conf:

    # Mode and protocol

    client
    remote xxxxxxx.ca 1443
    proto udp
    dev tun

    # VPN options

    topology subnet
    comp-lzo
    persist-key
    keepalive 10 120
    verb 3
    log digitalocean.log

    # Encryption and TLS

    cipher AES-256-CBC
    auth SHA256
    tls-client
    remote-cert-tls server
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384

    # Certificates

    tls-crypt /etc/openvpn/keys/do-vps.tlsauth
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/pingouin.crt
    key /etc/openvpn/keys/pingouin.key




    Here is the server side config:

    # Mode and protocol

    port 1443
    proto udp
    dev tun

    # VPN options

    topology subnet
    tls-server
    ifconfig-pool-persist ipp.txt
    comp-lzo
    max-clients 3
    persist-key
    user nobody
    group nobody
    client-to-client
    client-config-dir ccd
    keepalive 10 120
    chroot /var/empty/openvpn_server
    verb 3
    log server.log

    # Encryption and TLS

    cipher AES-256-CBC
    auth SHA256
    remote-cert-eku "TLS Web Client Authentication"
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384

    # Certificates

    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/do-vps.crt
    key /etc/openvpn/easy-rsa/keys/do-vps.key
    dh /etc/openvpn/easy-rsa/keys/dh1024.pem
    tls-crypt /etc/openvpn/easy-rsa/keys/do-vps.tlsauth

    # IP config

    server 10.9.0.0 255.255.255.0
    # 10.195.198.0 is my LAN subnet
    route 10.195.198.0 255.255.255.0 10.9.0.2
    push "redirect-gateway def1"
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"

    Here is the routing table, when connected to the VPS:

    [root@pingouin ~]# ip route
    0.0.0.0/1 via 10.9.0.1 dev tun0
    default via 172.16.24.1 dev ens18
    10.9.0.0/24 dev tun0 proto kernel scope link src 10.9.0.2
    10.195.198.0/24 dev ens19 proto kernel scope link src 10.195.198.2 (ens19 is the LAN interface of clearos, which is set to 10.195.198.2)
    128.0.0.0/1 via 10.9.0.1 dev tun0
    159.203.27.104 via 172.16.24.1 dev ens18
    172.16.24.0/24 dev ens18 proto kernel scope link src 172.16.24.2 (172.16.24.1 is the ASA5505, 172.16.24.2 is clearos External interface (ens18))
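
Added example, not part of the original post: a longest-prefix-match check over the routing table quoted above, showing how the two /1 routes installed by `redirect-gateway def1` override the default route and which prefixes still leave outside the tunnel. It assumes 159.203.27.104 is the VPS address; the function names are illustrative.

```python
import ipaddress

# Route lines copied from the `ip route` output in the post (annotations dropped).
ROUTES = """\
0.0.0.0/1 via 10.9.0.1 dev tun0
default via 172.16.24.1 dev ens18
10.9.0.0/24 dev tun0 proto kernel scope link src 10.9.0.2
10.195.198.0/24 dev ens19 proto kernel scope link src 10.195.198.2
128.0.0.0/1 via 10.9.0.1 dev tun0
159.203.27.104 via 172.16.24.1 dev ens18
172.16.24.0/24 dev ens18 proto kernel scope link src 172.16.24.2
"""

def parse_routes(text):
    """Return a list of (network, device) pairs from `ip route` style lines."""
    table = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        table.append((ipaddress.ip_network(prefix), fields[fields.index("dev") + 1]))
    return table

def egress_device(table, dest):
    """Longest-prefix match, the rule the kernel uses to choose a route."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, dev) for net, dev in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def bypasses_tunnel(table, tunnel_dev="tun0", lan_devs=("ens19",)):
    """Prefixes more specific than the /1 routes that leave by a non-tunnel,
    non-LAN interface, i.e. destinations that never enter the VPN."""
    return sorted(str(net) for net, dev in table
                  if dev != tunnel_dev and dev not in lan_devs and net.prefixlen > 1)

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for dest in ("8.8.8.8", "200.1.2.3", "159.203.27.104", "10.195.198.50"):
        print(dest, "->", egress_device(table, dest))
    print("outside the tunnel:", bypasses_tunnel(table))
```

Only the tunnel endpoint itself and the directly connected 172.16.24.0/24 segment should appear in the bypass list; any other entry there is traffic that reaches the internet without the VPN.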